An important aspect of developing code for any browser, including Firefox, as well as any Web-oriented project, is its security. These articles provide important guides and references to ensuring the code you write is secure, including both design recommendations and testing guidelines.
- A Web PKI x509 certificate primer
- X.509 (in this document referred as x509) is an ITU standard to describe certificates. This article provides an overview of what these are and how they work.
- Exploitable crashes
- This article will help you determine if a crash is exploitable, find crashes which are exploitable, and to fix exploitable crashes.
- Handling Mozilla Security Bugs
- This document describes how the new security organizational structure will work, and how security-related Mozilla bug reports will be handled.
- Pinning violation reports
- If a site makes use of key pinning, and your browser sees a certificate chain for that site which does not match the pin, Firefox will reject the connection and display an error page.
- Secure Development Guidelines
- The following content will likely see significant revision, though can be used as a reference for security best practices to follow when developing code for Mozilla.
- Security and the jar protocol
- This article discusses security concerns with the
jar:protocol, which only Firefox has ever implemented for Web content.